style: avoid usage of top-level "with lib";
See: https://github.com/NixOS/nixpkgs/issues/208242
parent
39221b3874
commit
c015a1ec2e
|
@ -13,25 +13,29 @@
|
||||||
./users.nix
|
./users.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
options.pub-solar-os = with lib; {
|
options.pub-solar-os =
|
||||||
adminEmail = mkOption {
|
let
|
||||||
description = "Email address to use for administrative stuff like ACME";
|
inherit (lib) mkOption types;
|
||||||
type = types.str;
|
in
|
||||||
default = "admins@pub.solar";
|
{
|
||||||
};
|
adminEmail = mkOption {
|
||||||
|
description = "Email address to use for administrative stuff like ACME";
|
||||||
|
type = types.str;
|
||||||
|
default = "admins@pub.solar";
|
||||||
|
};
|
||||||
|
|
||||||
privacyPolicyUrl = mkOption {
|
privacyPolicyUrl = mkOption {
|
||||||
description = "URL of the privacy policy. Used to link there from applications";
|
description = "URL of the privacy policy. Used to link there from applications";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "https://pub.solar/privacy";
|
default = "https://pub.solar/privacy";
|
||||||
};
|
};
|
||||||
|
|
||||||
imprintUrl = mkOption {
|
imprintUrl = mkOption {
|
||||||
description = "URL of the imprint. Used to link there from applications";
|
description = "URL of the imprint. Used to link there from applications";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "https://pub.solar/about";
|
default = "https://pub.solar/about";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
environment = {
|
environment = {
|
||||||
|
|
|
@ -5,18 +5,22 @@
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
{
|
{
|
||||||
options.pub-solar-os.networking = with lib; {
|
options.pub-solar-os.networking =
|
||||||
domain = mkOption {
|
let
|
||||||
description = "domain on which all services should run. This defaults to pub.solar";
|
inherit (lib) mkOption types;
|
||||||
type = types.str;
|
in
|
||||||
default = "pub.solar";
|
{
|
||||||
};
|
domain = mkOption {
|
||||||
|
description = "domain on which all services should run. This defaults to pub.solar";
|
||||||
|
type = types.str;
|
||||||
|
default = "pub.solar";
|
||||||
|
};
|
||||||
|
|
||||||
defaultInterface = mkOption {
|
defaultInterface = mkOption {
|
||||||
description = "Network interface which should be used as the default internet-connected one";
|
description = "Network interface which should be used as the default internet-connected one";
|
||||||
type = types.nullOr types.str;
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
|
|
||||||
|
@ -41,7 +45,7 @@
|
||||||
# This breaks compatibilty with clients that do not offer these MACs. For
|
# This breaks compatibilty with clients that do not offer these MACs. For
|
||||||
# compatibility reasons, we add back the old defaults.
|
# compatibility reasons, we add back the old defaults.
|
||||||
# See: https://github.com/NixOS/nixpkgs/pull/231165
|
# See: https://github.com/NixOS/nixpkgs/pull/231165
|
||||||
#
|
#
|
||||||
# https://blog.stribik.technology/2015/01/04/secure-secure-shell.html
|
# https://blog.stribik.technology/2015/01/04/secure-secure-shell.html
|
||||||
# https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67
|
# https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67
|
||||||
Macs = [
|
Macs = [
|
||||||
|
|
|
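Review bot: In the first hunk of this section, `defaultInterface` is typed `types.nullOr types.str` but has no `default`, so any host that leaves it unset fails evaluation as soon as the option is read, and the `null` case the type allows is never reached implicitly. If `null` is meant to stand for "no interface configured", add `default = null;` next to the type. If every host is expected to set it explicitly, `types.str` would state that intent more directly. The consumers of the option are outside the visible lines, so confirm which of the two is intended.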
@ -6,37 +6,41 @@
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
{
|
{
|
||||||
options.pub-solar-os.authentication = with lib; {
|
options.pub-solar-os.authentication =
|
||||||
username = mkOption {
|
let
|
||||||
description = "Username for the adminstrative user";
|
inherit (lib) mkOption types;
|
||||||
type = types.str;
|
in
|
||||||
default = flake.self.username;
|
{
|
||||||
};
|
username = mkOption {
|
||||||
|
description = "Username for the adminstrative user";
|
||||||
|
type = types.str;
|
||||||
|
default = flake.self.username;
|
||||||
|
};
|
||||||
|
|
||||||
sshPubKeys = mkOption {
|
sshPubKeys = mkOption {
|
||||||
description = "SSH Keys that should have administrative root access";
|
description = "SSH Keys that should have administrative root access";
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
default = flake.self.logins.admins.sshPubKeys;
|
default = flake.self.logins.admins.sshPubKeys;
|
||||||
};
|
};
|
||||||
|
|
||||||
root.initialHashedPassword = mkOption {
|
root.initialHashedPassword = mkOption {
|
||||||
description = "Hashed password of the root account";
|
description = "Hashed password of the root account";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "$y$j9T$bIN6GjQkmPMllOcQsq52K0$q0Z5B5.KW/uxXK9fItB8H6HO79RYAcI/ZZdB0Djke32";
|
default = "$y$j9T$bIN6GjQkmPMllOcQsq52K0$q0Z5B5.KW/uxXK9fItB8H6HO79RYAcI/ZZdB0Djke32";
|
||||||
};
|
};
|
||||||
|
|
||||||
robot.username = mkOption {
|
robot.username = mkOption {
|
||||||
description = "username for the robot user";
|
description = "username for the robot user";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "hakkonaut";
|
default = "hakkonaut";
|
||||||
};
|
};
|
||||||
|
|
||||||
robot.sshPubKeys = mkOption {
|
robot.sshPubKeys = mkOption {
|
||||||
description = "SSH Keys to use for the robot user";
|
description = "SSH Keys to use for the robot user";
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
default = flake.self.logins.robots.sshPubKeys;
|
default = flake.self.logins.robots.sshPubKeys;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
users.users.${config.pub-solar-os.authentication.username} = {
|
users.users.${config.pub-solar-os.authentication.username} = {
|
||||||
|
|
|
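Review bot: `root.initialHashedPassword` still carries a literal yescrypt hash as its `default`, so every host that does not override the option shares one root credential, and anyone who can read the repository can test guesses against that hash offline. Consider removing the default so each deployment has to supply its own value from secret management, or defaulting to a locked account, and have the description say that this is only the initial password. How the option is applied is outside this hunk, so confirm whether root password login is reachable at all (console only, or also over SSH). Separately, the description `"Username for the adminstrative user"` has a typo and should read `administrative`.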
@ -6,12 +6,12 @@
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
{
|
{
|
||||||
options.pub-solar-os.auth = with lib; {
|
options.pub-solar-os.auth = {
|
||||||
enable = mkEnableOption "Enable keycloak to run on the node";
|
enable = lib.mkEnableOption "Enable keycloak to run on the node";
|
||||||
|
|
||||||
realm = mkOption {
|
realm = lib.mkOption {
|
||||||
description = "Name of the realm";
|
description = "Name of the realm";
|
||||||
type = types.str;
|
type = lib.types.str;
|
||||||
default = config.pub-solar-os.networking.domain;
|
default = config.pub-solar-os.networking.domain;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
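Review bot: `enable = lib.mkEnableOption "Enable keycloak to run on the node";` passes a full sentence, but `mkEnableOption` already prefixes its argument with "Whether to enable", so the rendered description reads "Whether to enable Enable keycloak …". Pass a noun phrase instead, for example `lib.mkEnableOption "keycloak on this node"`. The `realm` option's `default` is computed from `config`, so it would also benefit from `defaultText = lib.literalExpression "config.pub-solar-os.networking.domain";`, which makes generated documentation show the expression rather than an evaluated value.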